Introduction to NonStop Operations Management

Check Lists
Introduction to NonStop Operations Management 125507
Security Management
   • Reserve a range of group numbers for network user IDs, and assign network
     user IDs from these groups. Decide on the network-wide names for the groups
     on an as-needed basis.
   • Designate a particular organization to own each group name and group ID, and
     make that organization responsible for controlling the allocation of user IDs
     within its group.
   • Determine what applications and users can use network IDs.
   • Consider using encryption devices.
   • Establish procedures for verifying communications with operations staff at other
     locations.
9. Secure client/server environments:
   • Assign a personal ID and password to every client/server application user.
   • Consider using encryption devices.
   • Authenticate the user at the client workstation by installing a smart-card device
     in the workstation.
   • Place the client portion of the application on a diskless workstation to prevent
     copying sensitive information to a floppy disk or access to a hard disk.
   • Design the client/server application so that the client portion authenticates the
     user, determines what servers the user is entitled to use, and passes the personal
     ID when it calls the server. The server portion of the application should receive
     the personal ID and decide whether it is open to all users, is restricted to certain
     personal IDs, or needs stronger identification/verification.
10. Establish guidelines for moving programs from a development environment to a
production environment. To secure new programs, verify that the programs are
tested, use only authorized and documented versions, and ensure that security
settings and logons comply with the requirements of the security policy.
11. Establish procedures for controlling PROGID programs.
12. Establish procedures for controlling licensed programs. Describe the steps
operations staff should take to:
   • Approve a request for a program license
   • Review, compile, bind, and test source code before issuing a license
   • Monitor and detect licensed programs
   • Integrate licensed programs into new releases
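
Added example (not part of the original manual, and not NonStop product code): a sketch of the client/server design in the last bullet of item 9, where the client portion works out which servers to offer and the server portion makes its own decision from the personal ID passed with the call. The server names, personal IDs, the `strongly_verified` flag, and the pairing of an ID list with the stronger-verification policy are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Policy(Enum):
    OPEN = "open"              # open to all users
    RESTRICTED = "restricted"  # restricted to certain personal IDs
    STRONG = "strong"          # needs stronger identification/verification

class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    STEP_UP = "step-up"        # caller must complete stronger verification first

@dataclass(frozen=True)
class ServerRule:
    policy: Policy
    allowed_ids: frozenset = field(default_factory=frozenset)

# Constructed sample configuration; every name and ID here is hypothetical.
RULES = {
    "RATES-INQUIRY": ServerRule(Policy.OPEN),
    "PAYROLL-UPDATE": ServerRule(Policy.RESTRICTED,
                                 frozenset({"PAY.ALICE", "PAY.BOB"})),
    # Assumption: a STRONG server also keeps a list of permitted personal IDs.
    "FUNDS-TRANSFER": ServerRule(Policy.STRONG, frozenset({"OPS.CAROL"})),
}

def client_entitled_servers(personal_id, rules=RULES):
    """Client portion: servers to offer to an already authenticated user."""
    return sorted(name for name, rule in rules.items()
                  if rule.policy is Policy.OPEN
                  or personal_id in rule.allowed_ids)

def server_decide(server, personal_id, strongly_verified=False, rules=RULES):
    """Server portion: decide from the personal ID received with the call."""
    rule = rules.get(server)
    if rule is None or not personal_id:
        return Decision.DENY       # unknown server or missing ID: fail closed
    if rule.policy is Policy.OPEN:
        return Decision.ALLOW
    if personal_id not in rule.allowed_ids:
        return Decision.DENY       # server checks again, whatever the client offered
    if rule.policy is Policy.STRONG and not strongly_verified:
        return Decision.STEP_UP
    return Decision.ALLOW
```

The server-side check does not depend on the client's list, so a call to a server the client never offered is still refused.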